clang option -fret-clean committed
from OpenBSD Journal (#6N8BR)
Theo de Raadt (deraadt@) has committed -fret-clean for clang:
CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2024/06/02 09:40:43

Modified files:
    gnu/llvm/clang/include/clang/Driver: Options.td
    gnu/llvm/clang/lib/Driver/ToolChains: Clang.cpp
    gnu/llvm/llvm/lib/Target/X86: X86.h X86TargetMachine.cpp
    gnu/usr.bin/clang/libLLVMX86CodeGen: Makefile
    share/man/man1 : clang-local.1

Log message:
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to clean the return address off the stack after
a callq completes. The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs. The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.

See our earlier article for more discussion.
For now, this is only for amd64 and i386.
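
A toy model of the mechanism the log message describes, added here as an illustration and not taken from the OpenBSD commit: it simulates a downward-growing stack, shows that a plain return leaves the return address in the stale area below the stack pointer, and shows the caller clearing that slot once the call completes. The stack array, the address range and every function name are constructed for the example; the real option changes code generation in clang and is not a library call.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS     64                    /* toy stack: 64 eight-byte slots */
#define LIBC_BASE 0x7f0000000000ULL     /* constructed range, not a real mapping */
#define LIBC_SIZE 0x200000ULL

struct toy_stack { uint64_t slot[SLOTS]; size_t sp; };  /* sp grows toward 0 */

/* callq: push the address of the instruction after the call site. */
static void toy_call(struct toy_stack *s, uint64_t ret) { s->slot[--s->sp] = ret; }

/* retq: pop the return address; the value stays behind below sp. */
static uint64_t toy_ret(struct toy_stack *s) { return s->slot[s->sp++]; }

/* Modelled -fret-clean step: the caller zeroes the slot just below its
 * stack pointer, where the return address of the finished call sat. */
static void toy_ret_clean(struct toy_stack *s) { s->slot[s->sp - 1] = 0; }

/* A chain of nested calls made from code inside the modelled libc range. */
static void run_calls(struct toy_stack *s, int depth, int ret_clean) {
    if (depth == 0) return;
    toy_call(s, LIBC_BASE + 0x1000ULL * (uint64_t)depth);
    run_calls(s, depth - 1, ret_clean);   /* callee body */
    (void)toy_ret(s);                     /* callee returns */
    if (ret_clean) toy_ret_clean(s);      /* caller cleans up after the call */
}

/* Count stale slots (below sp) whose value points into the libc range. */
static int stale_libc_hints(const struct toy_stack *s) {
    int n = 0;
    for (size_t i = 0; i < s->sp; i++)
        if (s->slot[i] >= LIBC_BASE && s->slot[i] < LIBC_BASE + LIBC_SIZE)
            n++;
    return n;
}

/* Run `depth` nested calls and report how many hints remain afterwards. */
static int demo(int depth, int ret_clean) {
    struct toy_stack s;
    memset(s.slot, 0, sizeof s.slot);
    s.sp = SLOTS;
    run_calls(&s, depth, ret_clean);
    return stale_libc_hints(&s);
}

int main(void) {
    printf("stale hints without cleaning: %d, with cleaning: %d\n",
           demo(5, 0), demo(5, 1));
    return 0;
}
```

The model tracks only return addresses; it says nothing about other data that may remain in stale stack memory.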